Try: eth0 (external) - > x.y.z.193/27 eth1 (internal) -> x.y.z.225/27 (non-nat) eth2 (internal) -> 192.168.0.0/24 (nat) eth0 -> turn on proxy_arp eth1 -> turn on proxy_arp eth2 -> leave proxy_arp off. This should work just fine. Connections for the eth1-connected addresses will 'forward' through the box (set up your firewall rules appropriately) from eth0 (and vice-versa). To explain what I mean: ipchains -A forward -s x.y.z.255/27 --jump ACCEPT ipchains -A forward -s 192.168.0.0/24 --jump MASQ ... have fun. -- Michael T. Babcock CTO, FibreSpeed Ltd. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
